phantom-ai-coworker

SUSPICIOUS: the skill’s broad powers match its stated 'AI co-worker' purpose, so it is not clearly deceptive, but its footprint is extremely high risk. Autonomous messaging, self-modification, remote MCP expansion, many credentials, public endpoints, shell/Docker control, and a mounted Docker socket create a powerful agent that could be abused or prompt-injected into impactful actions.